2 matches found
CVE-2024-27938
CVE-2024-27938 concerns Postal, an open source SMTP server. The vulnerability affects Postal versions older than 3.0.0 and enables SMTP Smuggling, potentially allowing an incoming email to be spoofed as if sent from a server the recipient user authorized. The impact is limited to inbound mail flo...
CVE-2026-25529
Postal is an open source SMTP server. CVE-2026-25529 affects versions before 3.3.5, where unescaped data could be injected into the admin interface, primarily via the API’s send/raw method. This HTML injection could permit arbitrary HTML and potentially unauthorised JavaScript execution in the ad...